Im trying to use the facebook login from https://github.com/facebook/facebook-php-sdk
It works fine over HTTP but fails to login over HTTPS, The app page lists the login page as https://my.url.com
Both pages have a get redirect with code and state, which are the same length for the working and non working URL.
I would prefer to use https for all login pages.
By Doesnt work I mean after a successful login the token is appid|appsecret and the user returns ID of 0 instead of the actual user id which has just completed the login
Found the issue to be the Redirect URL. Code was being used from http://webcheatsheet.com/php/get_current_page_url.php
which puts the port :443 on the url. During the redirect the facebook info gets "lost"
Changing their code to allow for this fixes the problem. though with or without the :443 its still a valid URL and should really work
Have you considered using the HybridAuth library? I've always had it dump me into https on Facebook
The :443 is what tells the browser to connect over HTTPS, the default port for HTTP is 80 and 443 for HTTPS.
Perhaps the issue is something to do with Facebook having cached your domain as port 80
You can clear facebook's cache of your site, and troubleshoot other URL related problems with their official URL debugger https://developers.facebook.com/tools/debug/
Related
Whenever i tried to login with facebook i'm getting the following error.
Insecure login Blocked. You cant get access token or log in to this app from insecure page. Try re-loading the page as https://
This code is in my localhost.
And this the url i'm using http://localhost/php-facebook-login/login.php same url only i have given in the facebook app configuration page.
Please help me to rectify this issues.
Thank you.
Since March 2018 Facebook requires redirect URIs to be served using HTTPS by default. The toggle is called "Enforce HTTPS". See Facebook's manual for more details Facebook Login Security
As the commenters pointed out the redirect will work even for localhost. But I am not sure if Facebook will accept a self signed certificate.
I'm trying to add a hosted payment solution to an old Symfony 2.6 project. This is the standard hosted solution where you embed Payment Gateway's form inside an iframe, to allow user to securely submit their CC information. When payment is processed Payment Gateway redirects the user back to my site using GET request and sends me the payment token as GET param.
This all happens inside the iFrame obviously and this whole process works fine, except for the last step.
When user is redirected back to my callback URL inside the iframe, Symfony for some reason doesn't recognize user's session and redirects user to the login. I get message: security.INFO: Populated SecurityContext with an anonymous Token in the log. That happens only for that one call, user remains logged in on the rest of the site. User logins are controlled by fos_userbundle, in the standard setup.
Callback URL looks like this: http://some.site/foo?paymentToken=12345, and if I enter that url directly into the browser it works just fine. Even when I set iframe's src directly to that url it loads fine. But when user is 302 redirect-ed back to that url from the payment gateway it fails (using Chrome browser).
Payment gateway is using https, my site is using regular http, so I guess it has something to do with switching the security levels? But have no idea how to solve it.
Since the redirect comes from the 3rd party server I can't control the headers or anything else about that request.
UPDATE: I've noticed that Chrome sends the header: upgrade-insecure-requests:1, not sure if it's causing the problems?
I can confirm that this is not a Symfony problem, but an issue with how Chrome handles redirects from secure to insecure sites (possibly a bug?).
Chrome doesn't send any cookies on 302 redirect from https to http page, and that's why user is not recognized properly. Everything works fine with Firefox.
This can be also you're testing the app in app_dev.php (developing mode) and the iframe is calling the production verision (app.php). Each application manage different sessions.
I have a website with fb log in. Everything was okay in localhost until I uploaded it in the main server for production(https server). Can someone help me. I already changed the direct URI and domains but still not working. An error will appear:
Graph returned an error: Unable to load URL: Domain of this URL is not
included in the domain of the application. To load this URL, please add all
domains and subdomains to the app settings application domain.
Note: I already changed Valid OAuth redirect URIs but still wont work.
I believe you have to change URL of your facebook application in FB developers API. Go to your app, Settings tab and there is Website section with Site URL field. Change it to whatever url your domain is.
I have developed a mvc site from scratch and locally it works, but what a surprise ! Trying the site uploaded to my hosting it doesn't work.
The login sequence is the following:
Every page checks if you are loged (http) and redirect to login page (https) if you don't.
Always you will be redirected to login page.
After some research, I have discovered the reason: php session is lost between https and http.
I don't understand why works locally and remotely not, but I think due php local settings set php sesssion identifier as PHPESSID for http & https and remote settings not.
Thinking about the trouble, I understand I can fix the issue passing the session identifier from https to http or making the whole site https rewriting the urls as follow:
intranet.mysite.com/anypage/
Hosting shared ssl
https://server.subdomain/~user/public_html/intranet/anypage/
Additional information
the page is hosted under hostgator. The url paths are
site
intranet.mydomain.com
ssl shared access
https://gatorxxx.hostgator.com/~user/intranet
how I can make session works between urls ?
thanks.
If I understand correctly you host the SSL page on a different domain? The PHP session cookie is lost then, because the cookie is bound by subdomain (or domain, whichever the cookiedomain is set to).
I have an app on my server which redirects to Facebook and thus displays the browser version of the Facebook Login page.
However, since I'll be accessing this through a mobile device, I'll want it to display the mobile version of the Facebook login page.
Is it possible to use the header() function or is there a way to change the user-agent on my host before it redirects to Facebook? So that Facebook will think the request is coming from a mobile device and thus render the mobile version.
I have already tried to use JavaScript and tried spoofing the header command; unfortunately these didn't work.
Thank you.
ini_set('user_agent', 'MyBrowser v42.0.4711');
Your server cannot affect the remote browser's configuration. The only place where you could change the user agent is if you were proxying the browser's requests to facebook, as it'd be your server connecting to FB, not the client.
Try redirecting to m.facebook.com instead. That displays a minimal "mobile" version.